CVE-2021-28856: 
Homebrew vulnerability analysis and mitigation

A division by zero vulnerability was discovered in Deark before version 1.5.8. The vulnerability is tracked as CVE-2021-28856 and was disclosed on April 14, 2021. The issue affects the file format analysis and data extraction utility Deark, specifically in the src/fmtutil.c file where a specially crafted input file can trigger a division by zero condition due to the value of pixelsize (NVD, Fatih Blog).

The vulnerability exists in the fmtutil.c file at line 1621, where a division operation is performed using bi→pixelsize as the divisor without proper validation. When processing certain input files, if pixelsize has a value of 0, it leads to a division by zero error. The vulnerability has a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

The successful exploitation of this vulnerability can cause the application to crash due to the division by zero error, leading to a denial of service condition. The vulnerability affects the availability of the system but does not impact confidentiality or integrity (NVD).

The vulnerability has been fixed in Deark version 1.5.8. The fix involves adding a check to ensure that bi→pixelsize is greater than zero before performing the division operation. Users should upgrade to version 1.5.8 or later to address this vulnerability (GitHub Patch).